Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case

It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.

It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 9 years ago
parent
dee2020243
commit
43f49c3788
1 changed files with 8 additions and 0 deletions
Split View Show Diff Stats
  1. 8 0
      src/ap/wpa_auth.c

+ 8 - 0
src/ap/wpa_auth.c
View File 

@@ -1759,6 +1759,14 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
 
 			wpa_remove_ptk(sm);
 
 	}
 
 
+	if (sm->in_step_loop) {
 
+		/*
 
+		 * wpa_sm_step() is already running - avoid recursive call to
 
+		 * it by making the existing loop process the new update.
 
+		 */
 
+		sm->changed = TRUE;
 
+		return 0;
 
+	}
 
 	return wpa_sm_step(sm);
 
 }